Risk management, strategy and analysis from DeloitteCONTENT FROM OUR SPONSORPlease note: The Wall Street Journal News Department was not involved in the creation of the content below.

Text Size

Regular

Medium

Large

Google+

Print

Protecting Privacy in the Age of Big Data and Analytics

Concerns continue to be raised about big data’s impact on privacy. There are fears that fundamental protections, once taken for granted, are now challenged by the sheer velocity, veracity and volume of data and how it can be manipulated in the objective of creating value.

Further, the ability of organizations to connect data to generate information, identify patterns and personalize interactions to create intelligence has reached a high level of sophistication. Consider the process known as “nudging,” in which identifiable data is used to profile individuals to analyze, predict and influence their behavior. In a nudging exercise, someone with a bias against scarcity will be automatically served an advertisement which states “while supplies last,” while a person with a bias for following others will get an ad labelled “best-selling.” While nudging is gaining popularity, it may be perceived as invasive.

David Stewart

Recent advances make it possible to analyze massive amounts of structured and unstructured data at very high speeds. Data analytics is benefiting and accelerating the pace of innovation as it disrupts traditional business models, while creating new business models. For example, there is a trend toward using analytics to interpret data generated from video cameras that track customer movement through a retail store. The aim is to match the data from the video to point-of-sale data to produce analytics that can help retail managers rework store layouts, make more informed decisions about product assortment and placement, and intercept at-risk customers with the appropriate level of engagement.

Two other retail analytics trends involve path-to-purchase and omnichannel initiatives. Path-to-purchase refers to the retail consumer cycle, from brand awareness and product trials to initial and repeat purchases, and reconnecting with lapsed consumers. Omnichannel describes a system that connects stores, ecommerce, mobile apps and social media to provide a flexible and seamless shopping experience. Incorporating data analytics into path-to-purchase and omnichannel strategies allows retail organizations to use research data to construct so-called people-to-people personas around which marketers can design engagement tactics to present customers with an enhanced shopping experience.

Data analytics is a competency that enables organizations to seek out connections, identify patterns, predict behavior and personalize interactions to an extent that could scarcely be imagined just a decade ago, to resolve business issues or create opportunities. Some argue the very notion of privacy must change, that the imperative to innovate and unlock value from data must trump traditional concepts.

“The idea of an automatic negative trade-off between privacy and innovation is unhelpful and, frankly, outdated,” says David Stewart, national leader, Analytic and Forensic Technology practice for Deloitte, the Canadian member firm of Deloitte Touche Tohmatsu Limited (DTTL). “It is possible to achieve a principle’s privacy while implementing data analytics to unlock new insights and innovations to allow organizations to maintain or increase their competitive advantage,” Mr. Stewart adds. Compliance-based approaches to privacy protection tend to focus on addressing privacy breaches after the fact. Other approaches, however, have organizations building privacy protections into their technology, business strategies and operational processes to prevent breaches before they happen.

Privacy by Design (PbD), for example, is a framework that reconciles the need for robust data protection with the desire for data-driven innovation. Developed in the late 1990s by Dr. Ann Cavoukian, Executive Director of the new Ryerson University Institute for Privacy and Big Data and former Information and Privacy Commissioner of Ontario, PbD, embeds privacy directly into the design specifications of technology, business practices and networked infrastructure, providing a “middle way” by which organizations can balance the need to innovate and maintain a competitive advantage with the need to preserve privacy. “Just as technology enabled the rise of data analytics, it can also be used to solve the resultant privacy issues,” says Dr. Cavoukian.

Beth Dewitt

Building on the PbD framework, several technology-based options for advancing privacy while pursuing data analytics are available to organizations. For instance, by using data minimization personally identifiable information is not collected unless a specific and compelling purpose is defined. In addition, a de-identification process can be used, in which datasets are stripped of all information that could identify an individual, either directly or through linkages to other datasets. Another option is for organizations to enforce user access controls, which are a set of processes that grant or deny specific requests to obtain information that are generally combined with other security policies. Such procedures can help reduce privacy risk—the risk that personal information is collected, used or shared in an unauthorized manner. Further, the procedures are often most helpful in the early stages of a company’s use of data analytics.

“Organizations will continue to use data analytics to advance their strategic goals, but the ones with effective business strategies will embrace privacy as a driver of creativity and innovation and embed it into their systems to ensure quality results,” says Beth Dewitt, senior manager and privacy specialist in Enterprise Risk Services at Deloitte, the Canadian member firm of DTTL. Through careful planning and application of privacy techniques and principles, organizations can use data to move business ahead and protect the personal information contained within them.

Related Deloitte Insights

From a reliance on manual processes to limits on staffing resources to concerns about data quality, federal agencies face numerous challenges in planning and executing departmental budgets. Data analytics and automation can help relieve these pressures by streamlining the budgeting process while also providing CFOs with insights to influence decisions at the macro and line-item levels. Learn how CFOs can leverage data analytics to improve the efficiency of their staffs and the effectiveness of their budget planning activities.

In the eleventh hour before an earnings call many C-suite executives can be found combing through metrics, spreadsheet data and the output from analytical models, searching for insights that could help them communicate to investors and analysts a narrative about performance. Learn how streamlining the information production process on the front end may help executives in gaining insights to manage the business and in crafting a more effective message to the investment community. Also, understand how focusing on what drives the business when creating a narrative can create a feedback loop that operationalizes the organization’s strategy.

Financial institutions have substantial motivation to not only improve risk management but to transform it. Regulatory requirements aside, competitive challenges and the benefits of aligning disparate risk processes are just some of the reasons why risk transformation—which shifts responsibility for risk throughout the entire organization, rather than leaving it siloed within a single area—is worth exploring. When responsibility for risk becomes part of the purview of every business, function and individual, the organization is not only better able to address risks, but can also more effectively implement business strategies.

Views & Analysis

Many executives believe that the manufacturing sector is vulnerable to emerging and dynamic cyber risks, given the industry’s pace of technology change due to innovations in shop floor automation and connected products, according to a study by Deloitte and The Manufacturers Alliance for Productivity and Innovation (MAPI). Learn about escalation frameworks and the type of leadership and talent that are needed to address cyber risks effectively, as well as questions boards can ask to determine how cyber risks are being detected, managed and mitigated.

For the travel, hospitality and leisure sector, external shocks—such as terrorist attacks and the Zika epidemic—are impacting consumer travel decisions and reshaping their travel preferences. At the same time, the sector is increasingly vulnerable to internal risks such as food safety and cybersecurity. Understand how risk management in the sector is being balanced with the need to innovate, and what boards of directors are doing to become more engaged in risk oversight.

The anti-bribery management standards issued by the Geneva-based International Organization for Standardization (ISO) provide automotive companies, as well as global organizations in other sectors, with new guidance and tools that could potentially help mitigate the risks and costs of noncompliance with anti-bribery laws. Learn about the global nature of the new ISO guidance, as well as other considerations for any organization considering incorporating it into their ethics and compliance program.

Editor's Choice

Boards and C-suite executives overwhelmingly see risk as having an important role in value creation, but just 17% of respondents say they are actively using risk to drive returns, according to a new global survey from Deloitte. The survey also found that senior stakeholders want chief risk officers to spend significantly more time playing the strategist role, with a majority of respondents saying their risk officers should participate more in setting the strategic direction of the company and aligning risk management strategies accordingly.

Traditionally, internal audit (IA) has focused on providing assurance with respect to known risks and the effectiveness of controls in mitigating those risks. Regulators, however, are increasingly interested in an organization’s ability to identify blind spots and other vulnerabilities that may undermine the integrity of the risk management environment, including the risk of misconduct. IA functions can play a pivotal role by substantively testing culture and identifying potential risk-related outliers that may not be visible via other means, such as supervisory frameworks, escalations, compliance assessment and testing, and previous audits.

Identifying and managing strategic risks can be a difficult task. To add to the challenge, many companies have traditionally separated their risk and strategy functions and think of risk as more of a compliance responsibility rather than a dynamic tool for value creation, business performance management and growth. However, companies that align strategy and risk can be better served to allow for a process of “strategic resiliency,” which involves anticipating, knowing and acting on risks when introducing or executing new strategies as a way of increasing the chances of success in spite of uncertainty.

About Deloitte Insights

Deloitte’s Insights for C-suite executives and board members provide information and resources to help address the challenges of managing risk for both value creation and protection, as well as increasing compliance requirements.